Phishing Attacks: Research and Defense Strategies
Added on 2023/06/10
SECTION 1: Research into Phishing Attacks
SECTION 2: Defence against Phishing Attacks
Contents
INTRODUCTION
SECTION 1: Research into Phishing Attacks
What is phishing and spear phishing
How is spear phishing used to target victims
How do cyber criminals use social media to launch phishing attacks
What techniques are used by cyber criminals when using phishing to gather log-in details or other information
What effects do phishing attacks have on individual and companies
SECTION 2: Defence against phishing attacks
How do individuals protect themselves from phishing attacks, what methods they can use to protect themselves
How do companies defend themselves against phishing attacks, what measures do they use
CONCLUSION
REFERENCES
INTRODUCTION
This report highlights phishing attacks on companies and individuals. It researches how
cyber criminals utilise social media to launch phishing attacks and covers the techniques
they use to gather log-in details (Chiew, Yong and Tan, 2018). It also covers how
individuals and companies protect themselves from phishing attacks and what measures
they need.
SECTION 1: Research into Phishing Attacks
What is phishing and spear phishing
Phishing is a type of social engineering attack used to steal user data, including
login credentials and credit card numbers. It is the practice of sending deceitful
communications which seem to come from trusted sources. It occurs when an attacker
deceives a victim into opening a text message, email or website link. Likewise, spear
phishing is a method of targeting certain individuals within an enterprise. The targets
are mostly those personnel who put their personal information on the internet
(Giandomenico, 2020).
How is spear phishing used to target victims
In spear phishing, an email is sent to the target. The email includes fraudulent links
or attachments which the target is asked to open, which results in malware being
downloaded to their device (Goel and Jain, 2018). Another way is that an email sent
directly to the target leads them to a spoofed website where they are asked to give
confidential information such as bank account numbers, PINs or one-time passwords.
How do cyber criminals use social media to launch phishing attacks
Social media is slowly becoming a platform where the information and personal data of
users are easily accessible for online crime. Attackers create fake profiles on social
media sites which look much like real ones, where people end up giving their IDs and
passwords, and this ends in cyber fraud. Attackers then have full access to users'
accounts, which they can use to spy on users. Clicking on advertisements on websites
could end in a crypto mining malware infection (Woods, 2020). Companies may use strict
social media policies about what can be shared online. But oversharing can result in a
social engineering attack on a business and its employees. With
a company's personal information, its location or online activity status, attackers gain
access to the secure business network and infect it with malicious software.
What techniques are used by cyber criminals when using phishing to gather log-in details or
other information
Email is the most common technique through which phishing is done. Attackers usually
register a fake domain that resembles a genuine organisation and send a large number of
generic requests. The recipient ends up taking it as an authentic email and enters their
log-in details or personal information. Angler phishing is where attackers use social
media to trick people with fake URLs, posts, tweets, cloned websites or push messaging.
It encourages users to reveal their sensitive information or download malware. In this
technique, criminals use information which users willingly post on social media, such as
their name, contact details and address, to form a targeted attack. Another technique is
smishing, where telephones are the main source of communication (Bisson, 2021). It
involves attackers sending text messages or making a phone call in which they pose as
someone from the victim's bank or organisation and influence them to give their personal
information. Pharming is more technical and difficult to detect. Attackers seize a
Domain Name System (DNS) server, so that when a user types in a website address, the DNS
server redirects them to a malicious website's IP address that looks authentic.
What effects do phishing attacks have on individual and companies
Phishing attacks lead to data breaches affecting individuals and organisations. They can
result in loss of money, reputational damage, loss of firm value and disruption of
business. For organisations, along with financial loss, the theft of consumer
information, trade secrets, project planning and blueprints can also be among the serious
impacts of phishing. Businesses usually hide that they have suffered phishing attacks, as
disclosure damages their reputation and perceived security level in the market (Martin,
Dubé and Coovert, 2018). Once trust is broken, it becomes difficult for businesses to
regain customers' confidence. It also harms the firm's reputation in the eyes of
investors, as their confidence in the company falls after a privacy breach. Individuals
could end up losing money, their sensitive information or their social media credentials.
Phishing attacks create the risk of attackers gaining access to financial information,
personal data, health information or location. In some cases they lead to the hacking of
individuals' social media accounts, resulting in spying on them or the posting of false
content through their profile.
SECTION 2: Defence against phishing attacks
How do individuals protect themselves from phishing attacks, what methods they can use to
protect themselves
Phishing attacks can target anyone at any time, so individuals need to be alert about
whom they are trusting online or on a call. There are several online sites that keep
people informed about trending phishing attacks and how to identify them. Individuals
are advised not to click on any link in an email or instant message, even if they know
the sender. Instead, they can go to the real site through a search engine. Most browsers
enable users to download add-ons which spot fraudulent websites and alert them about
phishing sites (Peng, Harris and Sawa, 2018). Users should not enter their personal
information on, or download any files from, an unsecured site. Individuals should
regularly change their online passwords to prevent attackers from gaining access to
their online accounts. Firewalls have proved to be an effective method of preventing
external attacks, as they act as a shield between devices and attackers. They boost the
security of individuals' devices and minimise the chances of their privacy being
infiltrated. Individuals should avoid clicking on pop-ups as they often lead to malware.
It might also end up giving attackers access to their phones or computers.
It is important for individuals to understand the difference between real and spoof
sites. Spoof sites often have something missing: they will not contain the proper domain
name or will have spelling mistakes. A common method of avoiding phishing attacks is not
giving any important information on sites which individuals do not fully trust. Keeping
browsers up to date is also a measure, as new versions are released with extra security
features which hackers find difficult to exploit. Users should not log in over any open
Wi-Fi, as these networks are a major source through which attackers can track users'
activities online. There is plenty of antivirus software on the market which guards
against unknown and malicious sites (Sumner and Yuan, 2019). This software gets updated
frequently to reflect new phishing attacks. It allows individuals to scan every file
they download and check every device they plug into their computer. Individuals should
avoid answering calls from unknown phone numbers whose callers pose as people from their
bank or any organisation. They should never give any type of information over a phone
call.
How do companies defend themselves against phishing attacks, what measures do they use
It is essential for organisations to give extra attention to their security against
phishing attacks. The major priority of companies should be to defend the email system
and keep the business's sensitive information safe. As email is the most practised form
of phishing attack, firms should build in a proper firewall to safeguard the company's
data and its user information. Companies install security software as their first line
of defence against attacks and use web filters to stop employees from accessing
fraudulent websites. They keep their software updated with current security patches and
updates, which reduces the chances of getting caught in a phishing scam. Scheduling
regular updates and continually tracking the status of all software and tools helps in
spotting phishing attacks in time. Businesses use the necessary encryption for workers
who operate remotely and connect them to a more secure VPN server (Verkijika, 2019).
Companies use multi-factor authentication, requiring two or more credentials to log in
to the firm's accounts, which prevents attackers from misusing users' information and
accessing their systems. Firms protect their data by backing it up and by making sure
that the backups are not connected to the usual network; they usually back up to the
cloud or to an external hard drive. Organisations undertake employee security awareness
training which discourages employees from posting any personal or business information
on social media. They invest in solutions which examine inbound emails to catch
malicious links and fraudulent attachments. Organisations stay on top of security
upgrades which are issued by a trusted Internet Service Provider. They utilise
authenticated certificates to secure all traffic to and from their website. This may
result in protecting data which is being sent between the web server and users' browsers
from phishing attacks.
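The two checks described in this section, telling a spoof site from a real one by its misspelt or improper domain name and examining the links in inbound emails, can be sketched in code. The following is an added example and not part of the original report: the trusted-domain list, the sample email and every function name are assumptions, and the two-label domain rule is a simplification.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the organisation trusts (constructed placeholders).
TRUSTED_DOMAINS = {"example-bank.com", "example.org"}

# Digits and symbols often substituted for look-alike letters.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a"})

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_IN_TEXT_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

# Constructed sample: a misspelt domain, a link whose text shows a different
# domain than its target, and one genuine link.
SAMPLE_EMAIL = """
<p>Dear customer, please confirm your details:</p>
<a href="https://examp1e-bank.com/login">Sign in</a>
<a href="https://tracking.invalid/r?id=7">www.example-bank.com</a>
<a href="https://www.example-bank.com/help">Help centre</a>
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    """Naive 'last two labels' rule; real code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def skeleton(domain: str) -> str:
    """Fold common character swaps so 'examp1e' and 'example' compare equal."""
    return domain.translate(CONFUSABLES).replace("rn", "m")


def classify_host(host: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a link's hostname."""
    host = host.lower().rstrip(".")
    domain = registered_domain(host)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for good in TRUSTED_DOMAINS:
        # A trusted name used as a subdomain prefix of somebody else's domain.
        if host.startswith(good + "."):
            return "lookalike"
        # Character swaps, or a misspelling within two edits of a trusted name.
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 2:
            return "lookalike"
    return "unknown"


def scan_email(html: str) -> list:
    """Report links with a lookalike host or visible text naming another domain."""
    findings = []
    for href, text in LINK_RE.findall(html):
        host = urlsplit(href).hostname or ""
        verdict = classify_host(host)
        shown = HOST_IN_TEXT_RE.search(text)
        mismatch = bool(shown) and (
            registered_domain(shown.group(1)) != registered_domain(host)
        )
        if verdict == "lookalike" or mismatch:
            findings.append({"href": href, "verdict": verdict, "text_mismatch": mismatch})
    return findings


if __name__ == "__main__":
    for finding in scan_email(SAMPLE_EMAIL):
        print(finding)
```

The edit-distance threshold of two is a tuning choice: a lower value misses transposed letters, while a higher one starts flagging unrelated short domains.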
CONCLUSION
From the information presented above, it has been concluded that phishing is a practice
used by criminals in which they send fraudulent messages which appear to come from a
trusted source. These attacks result in the loss of users' personal and sensitive
information, loss of money or the hijacking of their social media accounts.
Organisations also face financial loss, a negative image and breaches of the company's
as well as its customers' information. The best defences against phishing attacks are
installing security software and firewalls and keeping all systems and tools updated.
REFERENCES
Books and Journals:
Chiew, K.L., Yong, K.S.C. and Tan, C.L., 2018. A survey of phishing attacks: Their types, vectors and technical approaches. Expert Systems with Applications. 106. pp.1-20.
Goel, D. and Jain, A.K., 2018. Mobile phishing attacks and defence mechanisms: State of art and open research challenges. Computers & Security. 73. pp.519-544.
Martin, J., Dubé, C. and Coovert, M.D., 2018. Signal detection theory (SDT) is effective for modeling user behavior toward phishing and spear-phishing attacks. Human Factors. 60(8). pp.1179-1191.
Peng, T., Harris, I. and Sawa, Y., 2018, January. Detecting phishing attacks using natural language processing and machine learning. In 2018 IEEE 12th International Conference on Semantic Computing (ICSC) (pp. 300-301). IEEE.
Sumner, A. and Yuan, X., 2019, April. Mitigating phishing attacks: an overview. In Proceedings of the 2019 ACM Southeast Conference (pp. 72-77).
Verkijika, S.F., 2019. “If you know what to do, will you take action to avoid mobile phishing attacks”: Self-efficacy, anticipated regret, and gender. Computers in Human Behavior. 101. pp.286-296.
Online:
Giandomenico, N., 2020. What is Spear-phishing? Defining and Differentiating Spear-phishing from Phishing. [Online] Available through: <https://digitalguardian.com/blog/what-is-spear-phishing-defining-and-differentiating-spear-phishing-and-phishing>
Woods, E., 2020. How Hacker's Use Social Media For Social Engineering Attacks. [Online] Available through: <https://blog.usecure.io/social-media-the-key-ingredients-for-social-engineering-attacks>
Bisson, D., 2021. 6 Common Phishing Attacks and How to Protect Against Them. [Online] Available through: <https://www.tripwire.com/state-of-security/security-awareness/6-common-phishing-attacks-and-how-to-protect-against-them/#:~:text=They%20therefore%20use%20shortened%20URLs,to%20a%20legitimate%20web%20page.>